Details

Description

It would be good to have audit logging in the metastore, similar to Hadoop's NameNode audit logging. This would allow administrators to dig into details about which user performed metadata operations (like create/drop tables/partitions) and from where (IP address).

Submitting patch for review. There is one caveat with this patch - it won't log the IP address of the remote clients when security is enabled in Hive. Making this work means a change in thrift. I have raised THRIFT-1053 for the same. Once THRIFT-1053 is addressed, I will provide a fix (in a different jira) to capture the IP address for the secure case too.

Devaraj Das
added a comment - 04/Feb/11 23:15 Submitting patch for review. There is one caveat with this patch - it won't log the IP address of the remote clients when security is enabled in Hive. Making this work means a change in thrift. I have raised THRIFT-1053 for the same. Once THRIFT-1053 is addressed, I will provide a fix (in a different jira) to capture the IP address for the secure case too.

Namit Jain
added a comment - 07/Feb/11 20:16 What about the performance impact for this ?
I mean, there seems to be no way to turn it off - is reading the conf.
try
{
ugi = ShimLoader.getHadoopShims().getUGIForConf(getConf());
}
catch (Exception ex)
{
throw new RuntimeException(ex);
}
for every audit operation acceptable ?